Noodles and Company officials are warning customers about a data breach.

The breach affects customers who used debit or credit cards at certain locations from Jan. 31 to June 2. Company officials say malware may have stolen credit or debit card information, including the cardholder’s name, card number, expiration date and CVV.

The company confirms more than 40 stores in Minnesota were affected. One customer in St. Louis Park told us, "my credit card called me and said I was subject to a number of $1 charges they flagged as fraudulent test charges." She put a fraud alert on file.

The investigation into the “unusual activity” on the company’s credit card processor started May 17, company officials say. The company started working with forensic experts to see if the computer systems had been compromised, and on June 2, they found “suspicious activity” on the systems that indicated a possible breach.
The company announced the breach to the public Tuesday. Matthew Harmon owns IT Risk Limited, a security testing and training company in Minneapolis.

"Stuff like this can happen to anyone, where ever the data is that's what hackers are going to target, everyone is a target in these situations," said Harmon.

“In an era where sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance,” the company said in a statement. “We encourage you to review your account statements regularly and monitor your credit reports for suspicious activity.”

Company officials say the malware has been found, and guests can once again use their credit and debit cards at the restaurants.

Anyone with questions can call 888-849-1067 from 9 a.m. to 9 p.m. Monday through Friday.